Assigning Ssid Default Attributes To A Service Profile; Assigning A Security Acl To A User Or A Group - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

Assigning SSID Default Attributes to a Service Profile

You can configure a service profile with a set of default AAA authorization attributes that are used when
the normal AAA process or a location policy does not provide them. These authorization attributes are
applied by default to users accessing the SSID managed by the service profile.
Use the following command to assign an authorization attribute to a service profile and specify its
value:
set service-profile name attr attribute-name value
By default, a service profile contains no SSID default authorization attributes.
When specified, attributes in a service profile are applied in addition to any attributes supplied for
the user by the RADIUS server or the local database. When the same attribute is specified both as
an SSID default attribute and through AAA, then the attribute supplied by the RADIUS server or the
local database takes precedence over the SSID default attribute. If a location policy is configured, the
location policy takes precedence over both AAA and SSID default attributes. The SSID default attributes
serve as a fallback when neither the AAA process, nor a location policy, provides them.
For example, a service profile might be configured with the service-type attribute set to 2. If a user
accessing the SSID is authenticated by a RADIUS server, and the RADIUS server returns the vlan-
name attribute set to orange, then that user will have a total of two attributes set: service-type and
vlan-name.
If the service profile is configured with the vlan-name attribute set to blue, and the RADIUS server returns
the vlan-name attribute set to orange, then the attribute from the RADIUS server takes precedence; the
user is placed in the orange VLAN.
You can display the attributes for each connected user and whether they are set through AAA or
through SSID defaults by entering the show sessions network verbose command. You can display
the configured SSID defaults by entering the show service-profile command.

Assigning a Security ACL to a User or a Group

Once a security access control list (ACL) is defined and committed, it can be applied dynamically and
automatically to users and user groups through the 802.1X authentication and authorization process.
When you assign a Filter-Id attribute to a user or group, the security ACL name value is entered as an
authorization attribute into the user or group record in the local database or RADIUS server.
Note: If the Filter-Id value returned through the authentication and authorization process does not
match the name of a committed security ACL in the switch, the user fails authorization and cannot be
connected.
D-Link DWS-1008 User Manual 18